Attention! Your web page request has been cancelled
'Attention! Your web page request has been cancelled.' is a fake security warning that is displayed by the rogue application Antivirus 7. The fake 'Attention! Your web page request has been cancelled.' security alert is used to convince users that they have visited a malicious website and therefore they need to purchase Antivirus 7 to fix the problem. Do not believe the "Attention! Your web page request has been cancelled." security alert and never purchase Antivirus 7.
File System Modifications
- The following files were created in the system:
# File Name 1 %Documents and Settings%\[UserName]\Desktop\Antivirus7.lnk 2 %Documents and Settings%\All Users\Start Menu\AV 3 %Documents and Settings%\All Users\Start Menu\AV\Antivirus7.lnk 4 %Documents and Settings%\All Users\Start Menu\AV\Uninstall.lnk 5 %Program Files%\Antivirus7AV 6 %Program Files%\Antivirus7AV\Antivirus7.exe 7 %Program Files%\Antivirus7AV\unins000.dat 8 %Program Files%\Antivirus7AV\unins000.exe 9 %Program Files%\AV 10 %Program Files%\AV\Antivirus7.exe 11 %Program Files%\Common Files\Uninstall 12 %Program Files%\Common Files\Uninstall\AV 13 %Program Files%\Common Files\Uninstall\AV\Uninstall.lnk 14 %WINDOWS%\System32\UpdateCheck.dll
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\EVAACDHKEY_CURRENT_USER\Software\FNULL246HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Antivirus7"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform "WinNT-EVI 25.11.2009"HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}{6A23338A-C725-48D0-BA96-B12FDD22DD39}_is1
Additional Information on Attention! Your web page request has been cancelled
- The following messages's were detected:
# Message 1 "Attention! Your web page request has been cancelled. This web site refused your connection as it was reported as a malicious request. This can be caused by Viruses, Trojans or Malware found on your computer.
In order to resend your request to the website, press Resend request (please note that this action may cause a permanent block of your computer by the requested website)
In order to activate your security software, please Fix Now (recommended)"
This is a really intelligent way to asnwer the question.